Prevx 3.0 can't seem to fix the cloaked malware it found. I tried running in safe mode and installing the randomized version. Any help would be appreciated.

Prevx Scan Log - Version v3.0.5.50
Log Generated: 24/1/2010 11:16, Type: 1,1
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
Hostname: WNADEC-RCHAVEZ2
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Sun 2010-01-24 11:14:40 Central Standard Time. Number of Scans: 23. Last Scan Duration: 2 minutes 8 seconds.
c:\windows\system32\h8srtwmlltkckie.dll [PX5: F68023A8004217BFA02D0055A878AE005F8FD4CF] Malware Group: High Risk Cloaked Malware
c:\windows\system32\h8srtpjmvcvjlkx.dll [PX5: BDF27BC70052C040A03A000830F32E00A720CBEA] Malware Group: High Risk Cloaked Malware
c:\windows\system32\h8srtnyobqpoayb.dll [PX5: 8F5A9A1B00FC8AB3421B00693DABB300CEC1AFA2] Malware Group: High Risk Cloaked Malware
In Settings, make sure that heuristics is on high and self-defense is at maximum, and it will remove it on reboot. Try it.
Hi, didn't Prevx detect and/or remove a c:\windows\system32\drivers\h8srtxxxxxxxxxx.sys? (x is a random character.) If not, try Tools > Manual File Cleanup and delete the c:\windows\system32\drivers\h8srtxxxxxxxxxx.sys. I've used Prevx for similar infections, and besides the h8srtxxxxxxxxxx.dll's there was always a c:\windows\system32\drivers\h8srtxxxxxxxxxx.sys detected and removed by Prevx. And Prevx removed the regkey which loads the h8srtxxxxxxxxxx.sys.
Jmonge, tried it... no luck... it sees them, it just can't remove them... tells me to contact customer support. I have tried that, and other than telling me to install in safe mode they have not responded since yesterday noon.

Prevx Scan Log - Version v3.0.5.50
Log Generated: 24/1/2010 12:39, Type: 1,1
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
Hostname: WNADEC-RCHAVEZ2
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 4 (Dir: 1)
Last Scan: Sun 2010-01-24 12:38:27 Central Standard Time. Number of Scans: 27. Last Scan Duration: 2 minutes 17 seconds.
c:\windows\system32\h8srtwmlltkckie.dll [PX5: F68023A8004217BFA02D0055A878AE005F8FD4CF] Malware Group: High Risk Cloaked Malware
c:\windows\system32\h8srtpjmvcvjlkx.dll [PX5: BDF27BC70052C040A03A000830F32E00A720CBEA] Malware Group: High Risk Cloaked Malware
c:\windows\system32\h8srtnyobqpoayb.dll [PX5: 8F5A9A1B00FC8AB3421B00693DABB300CEC1AFA2] Malware Group: High Risk Cloaked Malware
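The scan logs posted above, and the companion driver the earlier reply says should accompany the h8srt DLLs, as an added worked example (this is not Prevx's code and not from anyone in the thread): a small Python parser for the Prevx 3.0 scan-log lines that pulls out each detection's path, PX5 identifier and malware group, derives the fixed prefix shared by the random file names, and reports whether a matching system32\drivers\<prefix><random>.sys driver appears in the log at all. The sample logs are constructed from the lines posted in the thread plus one placeholder driver line using the thread's own h8srtxxxxxxxxxx.sys spelling; the character class assumed for the random part of the name, the all-zero placeholder PX5 value, and all function names are my assumptions.

```python
import re
from dataclasses import dataclass
from os.path import commonprefix

# Constructed sample in the layout of the Prevx 3.0 scan logs posted in this thread.
# The three DLL lines are the ones from the posts; no driver entry is present.
SAMPLE_LOG = r"""Prevx Scan Log - Version v3.0.5.50
Log Generated: 24/1/2010 12:39, Type: 1,1
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
Hostname: WNADEC-RCHAVEZ2
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 4 (Dir: 1)
Last Scan: Sun 2010-01-24 12:38:27 Central Standard Time. Number of Scans: 27. Last Scan Duration: 2 minutes 17 seconds.
c:\windows\system32\h8srtwmlltkckie.dll [PX5: F68023A8004217BFA02D0055A878AE005F8FD4CF] Malware Group: High Risk Cloaked Malware
c:\windows\system32\h8srtpjmvcvjlkx.dll [PX5: BDF27BC70052C040A03A000830F32E00A720CBEA] Malware Group: High Risk Cloaked Malware
c:\windows\system32\h8srtnyobqpoayb.dll [PX5: 8F5A9A1B00FC8AB3421B00693DABB300CEC1AFA2] Malware Group: High Risk Cloaked Malware
"""

# Constructed variant: same log plus a placeholder driver line (name spelled as in the
# thread, PX5 value is a dummy) to show what a log that did list the driver looks like.
SAMPLE_LOG_WITH_DRIVER = SAMPLE_LOG + (
    r"c:\windows\system32\drivers\h8srtxxxxxxxxxx.sys "
    "[PX5: 0000000000000000000000000000000000000000] Malware Group: High Risk Cloaked Malware\n"
)

# One detection line: <path> [PX5: <40 hex digits>] Malware Group: <group>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S.*?)\s+\[PX5:\s*(?P<px5>[0-9A-Fa-f]{40})\]"
    r"\s+Malware Group:\s*(?P<group>.+?)\s*$"
)


@dataclass(frozen=True)
class Detection:
    path: str   # path exactly as logged
    px5: str    # Prevx's 40-hex-digit PX5 file identifier, upper-cased
    group: str  # e.g. "High Risk Cloaked Malware"

    @property
    def stem(self) -> str:
        """Lower-cased file name without directory or extension."""
        return self.path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]


def parse_prevx_log(text: str):
    """Split a scan log into (header dict, list of Detection)."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["px5"].upper(), m["group"]))
        elif line.startswith("Prevx Scan Log - Version "):
            header["Version"] = line.split("Version ", 1)[1]
        elif ": " in line:  # "Key: value" header lines; first colon splits key from value
            key, value = line.split(": ", 1)
            header[key] = value
    return header, detections


def cloaked_family(detections):
    """Fixed prefix and random-part length shared by the cloaked-malware file names,
    or None when fewer than two such names exist or they share no prefix."""
    stems = [d.stem for d in detections if "cloaked malware" in d.group.lower()]
    if len(stems) < 2:
        return None
    prefix = commonprefix(stems)
    if not prefix:
        return None
    return prefix, len(stems[0]) - len(prefix)


def companion_driver_regex(prefix: str, random_len: int):
    """Pattern for the driver the thread describes: system32\\drivers\\<prefix><random>.sys.
    Assumption: the random part is lower-case letters or digits of the same length as
    in the DLL names."""
    return re.compile(
        r"^[a-z]:\\windows\\system32\\drivers\\" + re.escape(prefix)
        + r"[a-z0-9]{%d}\.sys$" % random_len,
        re.IGNORECASE,
    )


def assess(text: str) -> dict:
    """Summarise a log: detection count, family prefix, and whether the driver was listed."""
    header, detections = parse_prevx_log(text)
    result = {"version": header.get("Version"), "detections": len(detections),
              "family_prefix": None, "driver_seen": None, "driver_regex": None,
              "driver_hits": []}
    fam = cloaked_family(detections)
    if fam:
        prefix, random_len = fam
        pat = companion_driver_regex(prefix, random_len)
        hits = [d.path for d in detections if pat.match(d.path)]
        result.update(family_prefix=prefix, driver_seen=bool(hits),
                      driver_regex=pat.pattern, driver_hits=hits)
    return result


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("log with driver", SAMPLE_LOG_WITH_DRIVER)):
        r = assess(log)
        print(f"{name}: {r['detections']} detections, prefix={r['family_prefix']!r}, "
              f"driver listed={r['driver_seen']}")
        if r["family_prefix"] and not r["driver_seen"]:
            print("  no driver in the log; look for", r["driver_regex"])
```

On the posted log the family prefix comes out as h8srt with a ten-character random part, and no drivers\h8srt*.sys line is present, which is exactly the gap the reply above points at: the DLLs are listed but the driver that loads them is not. The regex is only a search aid for the log; confirming or removing the driver itself still has to happen on the machine.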
CRTLATLDELETE, did the manual file cleanup and now the PC seems hung on "downloading disinfection files"... normal?
As far as I know there are no disinfection files needed when you remove only the c:\windows\system32\drivers\h8srtxxxxxxxxxx.sys file. But maybe the file "seems" necessary due to the way it's loaded by the regkey?
The best thing to do is contact Prevx Support and they will clean up your machine, as it is part of their guarantee! https://www.wilderssecurity.com/attachment.php?attachmentid=215014&stc=1&d=1264368365 http://info.prevx.com/service.asp TH
Yes, I would strongly recommend following these instructions to get in contact with our support engineers. They will gladly assist you in cleaning this and implement measures to prevent having to manually work on the infection in the future! Please let me know if you have any other questions or problems connecting with our support team.
True, but he should continue with them; he will have to wait till they are back to work Monday morning, then ask for a remote session and let them clean it up. That's what we pay for! TH